Data security & AI governance glossary
- Access Control
Access Control is a fundamental security concept that involves regulating who or what can view or use resources in a computing environment. It is a critical component of security c…
- Access Control List (ACL)
An access control list (ACL) is a list of permissions that are associated with a specific file or resource on a computer system or network. The purpose of an ACL is to define which…
- Advanced Encryption Standard
The Advanced Encryption Standard (AES) is a symmetric-key encryption algorithm that is widely used to secure data. It was developed by the US National Institute of Standards and Te…
- Advanced Persistent Threat (APT)
An APT, or Advanced Persistent Threat, is a type of cyberattack in which an attacker gains unauthorized access to a network or system and remains undetected for an extended period…
- AI Security Posture Management (AI-SPM)
AI Security Posture Management (AI-SPM) is an emerging security practice focused on continuously discovering, assessing, and securing the AI systems an organization uses — includin…
- Amazon Athena
Amazon Athena is a query service provided by Amazon Web Services (AWS) that allows users to analyze data stored in Amazon Simple Storage Service (S3) using SQL. Athena is serverles…
- Amazon Aurora
Amazon Aurora is a fully-managed, cloud-based relational database service provided by Amazon Web Services (AWS). It is designed to be compatible with MySQL and PostgreSQL, and offe…
- Amazon CloudWatch
Amazon CloudWatch is a monitoring service for AWS resources and the applications that you run on the cloud platform. It provides data and operational insights for various resources…
- Amazon Cognito
Amazon Cognito is a cloud-based identity and access management service provided by Amazon Web Services (AWS). It enables users to create and manage user identities, access controls…
- Amazon Config
Amazon Config is a service offered by Amazon Web Services (AWS) that enables you to assess, audit, and evaluate the configurations of your AWS resources. It provides visibility int…
- Amazon Detective
Amazon Detective is a security service offered by Amazon Web Services (AWS). It uses machine learning and graph theory to help customers investigate and identify the root cause of…
- Amazon Elastic Block Store (EBS)
Amazon Elastic Block Store (Amazon EBS) is a block-level storage service for Amazon Elastic Compute Cloud (EC2) instances. It provides persistent storage for data that is required…
- Amazon Elastic Compute Cloud (EC2)
Amazon Elastic Compute Cloud (EC2) is a cloud computing service provided by Amazon Web Services (AWS). It allows businesses and organizations to rent virtual computers, known as in…
- Amazon Elastic File System (EFS)
Amazon Elastic File System (Amazon EFS) is a fully-managed service offered by Amazon Web Services (AWS) that provides scalable file storage for use with Amazon Elastic Compute Clou…
- Amazon Inspector
Amazon Inspector is a security assessment service offered by Amazon Web Services (AWS). It is designed to help customers identify and address vulnerabilities in their Amazon Elasti…
- Amazon Keyspaces
Amazon Keyspaces is a scalable, highly available, and managed Apache Cassandra-compatible database service provided by Amazon Web Services (AWS). It offers the performance, elastic…
- Amazon Lightsail
Amazon Lightsail is a cloud computing service offered by Amazon Web Services (AWS). It provides a simple and cost-effective way for developers, businesses, and individuals to set u…
- Amazon Macie
Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in the AWS cloud. It helps organizations to protect th…
- Amazon Neptune
Amazon Neptune is a fully managed graph database service that is designed to be fast, scalable, and highly available. It is suitable for storing and querying large-scale graph data…
- Amazon Quantum Ledger Database
Amazon Quantum Ledger Database (QLDB) is a fully managed ledger database service that provides a transparent, immutable, and cryptographically verifiable record of transactions. It…
- Amazon Redshift
Amazon Redshift is a fully-managed data warehousing service provided by Amazon Web Services (AWS). It utilizes a column-oriented database architecture, which allows for fast queryi…
- Amazon Route 53 Resolver DNS Firewall
Amazon Route 53 Resolver DNS Firewall is a security service offered by Amazon Web Services (AWS) that helps protect your Amazon Virtual Private Cloud (Amazon VPC) resources from DN…
- Amazon Simple Storage Service (S3)
Amazon S3 (Simple Storage Service) is a cloud storage service provided by Amazon Web Services (AWS) that allows businesses and organizations to store and manage data in the cloud.…
- Amazon Timestream
Amazon Timestream is a fully managed time series database service offered by Amazon Web Services (AWS). It is designed to store, process, and analyze large volumes of time-series d…
- Amazon Web Application Firewall
Amazon Web Application Firewall (AWS WAF) is a fully managed security service that helps protect web applications from common web exploits that could affect the availability, perfo…
- Amazon Web Services (AWS) Artifact
AWS Artifact is a compliance reporting platform that provides access to AWS security and compliance documents, such as audit reports, service organization control (SOC) reports, an…
- Amazon Web Services (AWS) Backup
AWS Backup is a fully-managed service offered by Amazon Web Services (AWS) that enables you to automate the process of backing up your data. It provides a central place to store, m…
- Anti-virus
An antivirus is a software program that is designed to prevent, detect, and remove malware infections on individual computers, servers, and other electronic devices. Malware, short…
- Authentication
Authentication is the process of verifying the identity of a person, device, or application. It is an essential security measure that is used to prevent unauthorized access to syst…
- Authorization
Authorization is the process of granting or denying access to resources, such as systems, networks, files, or other assets, based on an individual's identity and permissions. It is…
- AWS Audit Manager
Audit Manager in Amazon Web Services (AWS) is a service designed to help organizations continuously audit their AWS usage to ensure compliance with internal policies and external r…
- AWS Certificate Manager
Amazon Web Services (AWS) Certificate Manager (ACM) is a service that lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certific…
- AWS CloudHSM
AWS CloudHSM is a security service offered by Amazon Web Services (AWS). It provides customers with a hardware security module (HSM) in the cloud, which they can use to store and m…
- AWS Elastic Beanstalk
AWS Elastic Beanstalk is a fully-managed service offered by Amazon Web Services (AWS) that makes it easy to deploy and run web applications and services. It provides a simple and s…
- AWS Firewall Manager
AWS Firewall Manager is a security management service provided by Amazon Web Services (AWS) that simplifies the administration and maintenance of firewall rules across an organizat…
- AWS Identity and Access Management (IAM)
AWS IAM, or Amazon Web Services Identity and Access Management, is a service that allows users to securely access and manage resources within the AWS platform. It enables users to…
- AWS Lambda
AWS Lambda is a serverless computing service provided by Amazon Web Services (AWS) that allows users to run code in response to events without provisioning or managing servers. It…
- AWS Network Firewall
AWS Network Firewall is a managed service provided by Amazon Web Services (AWS) that offers robust network protection for virtual networks on AWS. It is designed to safeguard AWS e…
- AWS Organizations
AWS Organizations is a feature of the Amazon Web Services (AWS) platform that allows you to centralize billing, account management, and access control for multiple AWS accounts. Th…
- AWS Private Certificate Authority
AWS Private Certificate Authority (AWS PCA) refers to a managed service provided by Amazon Web Services (AWS) that allows organizations to create and manage their own private certi…
- AWS Resource Access Manager
AWS Resource Access Manager (RAM) is a service provided by Amazon Web Services (AWS) that allows users to securely share AWS resources across multiple AWS accounts within an organi…
- AWS Security Hub
AWS Security Hub is a security management service offered by Amazon Web Services (AWS). It is designed to help customers automate and centralize the collection, aggregation, and pr…
- AWS Shield
AWS Shield is a security service offered by Amazon Web Services (AWS). It is designed to help customers protect their applications from common network and application-level attacks…
- AWS Storage Gateway
AWS Storage Gateway is a fully-managed service offered by Amazon Web Services (AWS) that enables you to store and retrieve data from on-premises storage systems using the AWS Cloud…
- Azure Active Directory
Azure Active Directory (Azure AD) is a cloud-based identity and access management service by Microsoft. It's designed to assist organizations in managing user identities and establ…
- Azure Active Directory Domain Services (AD DS)
Azure Active Directory Domain Services (AD DS) is a Microsoft Azure service that provides managed domain services such as domain join, group policy, LDAP, and Kerberos/NTLM authent…
- Azure App Configuration
Azure App Configuration is a cloud-based service provided by Microsoft Azure for centralizing and managing configuration settings for applications. It offers a secure and scalable…
- Azure Archive Storage
Azure Archive Storage is a cost-effective, highly durable, and secure cloud storage solution provided by Microsoft Azure for long-term data retention. It is designed for data that…
- Azure Backup
Azure Backup is a robust cloud-based data protection service provided by Microsoft Azure. It serves as a comprehensive solution for safeguarding critical business data in diverse h…
- Azure Bastion
Azure Bastion is a pivotal service in the Azure platform, designed to provide secure and seamless Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to Azure virtual machi…
- Azure Blob Storage
Azure Blob Storage is a cloud-based storage service provided by Microsoft Azure that enables users to store and manage large amounts of unstructured data, such as images, audio fil…
- Azure Data Box
Azure Data Box is a physical data transfer solution offered by Microsoft Azure that enables efficient and secure movement of large volumes of data to and from the cloud. It serves…
- Azure Data Lake Storage
Azure Data Lake Storage is a cloud-based data storage service provided by Microsoft Azure. It is designed for storing large volumes of structured and unstructured data, and provide…
- Azure DDoS Protection
Azure DDoS Protection is a comprehensive service provided by Microsoft Azure that helps safeguard applications and infrastructure from Distributed Denial of Service (DDoS) attacks.…
- Azure Disk Storage
Azure Disk Storage is a managed storage service provided by Microsoft Azure for creating and managing durable and high-performance disk resources. It offers scalable block-level st…
- Azure Files
Azure Files is a cloud-based file storage service provided by Microsoft Azure that enables organizations to create and manage file shares in the cloud. It offers a scalable and sec…
- Azure Firewall Manager
Azure Firewall Manager is a centralized security management service provided by Microsoft Azure that enables organizations to manage and enforce consistent security policies across…
- Azure Key Vault
- Azure NetApp Files
Azure NetApp Files is a cloud-native, fully-managed file storage service offered by Microsoft Azure. It delivers enterprise-level performance, scalability, and availability for a w…
- Cache Poisoning
Cache poisoning is a type of attack in which an attacker is able to inject malicious data into a cache, often a DNS cache. This can have serious consequences, as the injected data…
- California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA), effective since January 1, 2020, is a data privacy law enacted in California, aiming…
- California Privacy Rights Act (CPRA)
The California Privacy Rights Act (CPRA) is a privacy law that was passed in California in 2020. It aims to strengthen and expand the privacy rights of California residents, and ap…
- Chronicle Security Operations
Chronicle Security Operations is a comprehensive security monitoring and analytics platform provided by Chronicle, a subsidiary of Alphabet Inc. It is designed to help organization…
- Cloud Detection and Response (CDR)
Cloud Detection and Response (CDR) is a comprehensive cybersecurity approach designed to safeguard cloud-based environments by detecting…
- Cloud Security Posture Management (CSPM)
Cloud Security Posture Management (CSPM) is a security approach focused on managing and enhancing the security posture of cloud environments. CSPM solutions automate the identifica…
- Cloud Vulnerabilities
Cloud vulnerabilities refer to weaknesses or gaps in the security of cloud computing systems that could potentially be exploited by cybercriminals to gain unauthorized access to da…
- Container Security
Container security refers to the measures taken to protect containerized applications and the host infrastructure they run on from cyber threats and vulnerabilities. Containers ar…
- Continuity of Operations Plan
A Continuity of Operations Plan (COOP) is a strategic document that organizations develop to ensure the uninterrupted continuation of critical functions and operations during and a…
- Cyphertext
Cyphertext is the encrypted version of plaintext, which is ordinary, unencrypted text. Cyphertext is created by applying a cipher, which is a mathematical algorithm, to the plainte…
- Data Access Governance (DAG)
Data access governance (DAG) refers to the implementation of policies, procedures, and controls aimed at overseeing access to organizational and/or sensitive data. Properly execute…
- Data Detection and Response (DDR)
Data Detection & Response (DDR) refers to how organizations discover and respond to threats affecting their data. Having clear processes to address security threats is critical for…
- Data Encryption Standard
The Data Encryption Standard (DES) is a symmetric-key block cipher algorithm that was first published by the National Institute of Standards and Technology (NIST) in 1977. It was t…
- Data Engineering
Data engineering is the practice of designing, building, and maintaining the infrastructure and processes needed to store, transform, and analyze data. It is a crucial part of the…
- Data Integrity
Data integrity is a very broad term, which refers to the maintenance of data in its entire life-cycle, from physically storing the data safely, to maintaining the accuracy and cons…
- Data Lake
A data lake is a large and centralized repository that stores all kinds of structured, semi-structured, and unstructured data at any scale. It is a vast pool o…
- Data Lineage
Data lineage is the process of tracing the origin and history of data as it flows through an organization. It involves understanding where the data comes from, how it is transforme…
- Data Localization
Data localization is the practice of storing and processing data within a specific geographic region or jurisdiction. It involves restricting or informing on the movement and…
- Data Loss Prevention (DLP)
Data Loss Prevention (DLP) refers to tools which prevent employees or users from sending sensitive or confidential data outside the company’s network. DLP solutions let network adm…
- Data Mining
Data mining is the process of discovering patterns and extracting information from large amounts of data and transforming the information into a comprehensible structure for furthe…
- Data Science
Data science is an interdisciplinary field that combines expertise in statistics, computer science, and domain knowledge to extract insights and knowledge from data. It involves th…
- Data Security Compliance
Data Security Compliance is a process that defines protocols, procedures and policies to ensure that sensitive data is protected, secured, and stored in-li…
- Data Security Posture Management (DSPM)
Data Security Posture Management (DSPM) is a security discipline that continuously discovers, classifies, and protects sensitive data across cloud, SaaS, and on-premises environmen…
- Data Sprawl
Data sprawl is the uncontrolled proliferation of data across an organization's environments — cloud storage, SaaS applications, databases, data warehouses, backups, and developer e…
- Data Warehouse
A data warehouse is a large, centralized repository of data that is used to support business intelligence (BI) activities such as reporting, data analysis, and data mining. The dat…
- DevOps
DevOps is a software development approach that aims to bring together developers and operations teams in order to improve collaboration and the speed and quality of software releas…
- DynamoDB
DynamoDB is a fully managed NoSQL database service offered by Amazon Web Services (AWS). It provides fast and predictable performance with seamless scalability, and it's a popular…
- Elastic Disaster Recovery
Elastic Disaster Recovery is a cloud-based service designed to help organizations quickly recover their critical systems and data after a disaster. It provides a cost-effective, sc…
- Encryption
Encryption is the process of converting plaintext or readable data into ciphertext, which is a scrambled and unreadable form of data. It is used to secure data during transmission…
- GCP Access Transparency and Access Approval
GCP Access Transparency and Access Approval are innovative features in Google Cloud Platform (GCP) designed to enhance data security and user control. These features provide users…
- General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that was implemented in the European Union (…
- Google Advanced Protection Program
The Google Advanced Protection Program is a security initiative by Google that provides enhanced protection for individuals at high risk of targeted online attacks. This program em…
- Google Assured Workloads
Google Assured Workloads is a specialized service within the Google Cloud Platform, designed to help organizations manage their cloud resources while adhering to stringent complian…
- Google Cloud Firewall
Google Cloud Firewall, part of Google Cloud Platform (GCP), is a managed service that provides network security by allowing or denying traffic to or from Virtual Machine (VM) insta…
- Google Cloud Platform
Google Cloud Platform (GCP) is a cloud computing platform and infrastructure created by Google to support a range of services, including those for computing, data storage, networki…
- Google Cloud Secret Manager
Google Secret Manager is a cloud-based service offered by Google Cloud Platform (GCP), designed to securely store and manage sensitive data such as API keys, passwords, and certifi…
- Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) is a United States federal law enacted in 1996 to protect the privacy and security of individuals' health informatio…
- Homomorphic Encryption
Homomorphic encryption is an encryption technique that allows users to perform mathematical operations on encrypted data, without accessing the encr…
- Hybrid Cloud
Hybrid cloud is a computing environment that combines the use of both public cloud services and private infrastructure. It allows organizations to leverage the benefits of both env…
- Knative
Knative is an open-source platform for building and deploying serverless applications. It is built on top of Kubernetes, a popular container orchestration platform, and provides a…
- Kubernetes
Kubernetes is an open-source container orchestration system for automating the deployment, scaling, and management of containerized applications. It was originally developed by Goo…
- Mean Time to Resolve (MTTR)
Mean Time to Resolve (MTTR) is the average amount of time it takes an organization to fully resolve an issue after it has been detected. MTTR is commonly used across IT operations,…
- Microsoft Defender External Attack Surface Management
Microsoft Defender External Attack Surface Management (EASM) is a Microsoft security solution for identifying and mitigating vulnerabilities in external-facing assets. It focuses o…
- Microsoft Defender for Cloud
Microsoft Defender for Cloud is a sophisticated cloud security platform provided by Microsoft, designed to protect multi-cloud and hybrid environments. It is an essential tool for…
- Microsoft Sentinel
Microsoft Sentinel is a sophisticated security solution, offering a blend of SIEM (Security Information and Event Management) and SOAR (Security Orchestration Automated Response) c…
- Model Context Protocol (MCP)
Model Context Protocol (MCP) is an open standard that enables AI assistants and large language models (LLMs) to securely connect to external t…
- MongoDB
MongoDB is a popular open-source database management system. It is classified as a NoSQL database, which means that it is designed to handle large volumes of data that may not be s…
- Next Gen Antivirus
Next-Generation Antivirus (NGAV) refers to a new breed of antivirus solutions that go beyond traditional signature-based approaches to detect and prevent advanced and emerging cybe…
- NIST AI Risk Management Framework
The NIST AI Risk Management Framework (AI RMF) is a voluntary framework developed by the U.S. National Institute of Standards and Tec…
- Packet Mirroring
Packet Mirroring, also known as Port Mirroring or SPAN, is a critical network monitoring technique used to copy network packets from a source port to a destination port for analysi…
- Payment Card Industry Data Security Standard (PCI DSS)
The Payment Card Industry Data Security Standard (PCI DSS) is a comprehensive set of security standards created by ma…
- Personally Identifiable Information (PII)
Personally Identifiable Information (PII) encompasses data that can be used on its own or with other information to identify, contact, or locate a single person. It is a fundamenta…
- Platform as a Service (PaaS)
Platform as a Service (PaaS) is a cloud computing model in which a third-party provider delivers a platform for developing, deploying, and managing applications over the internet.…
- Private Cloud
Private cloud is a type of cloud computing that delivers services, such as storage, computing, and networking, over the internet, but in a way that is dedicated to a single organiz…
- Protected Healthcare Information (PHI)
Protected Health Information (PHI) is any information about an individual's health or healthcare that is created, used, or disclosed…
- Public Cloud
A public cloud is a type of cloud computing that delivers services, such as storage, computing, and networking, over the internet to anyone who wants to use them. The services are…
- Records of Processing Activities (ROPA)
Records of Processing Activities (ROPA) is a formal record required under Article 30 of the GDPR that documents how an organization collects, uses, stores, shares, an…
- Role Based Access Control (RBAC)
Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of users within an…
- SaaS Security Posture Management
For 20 years the enterprise world has been moving their processes, workloads and data into Software-as-a-Service (SaaS) applications. This…
- Sarbanes-Oxley Act of 2002
The Sarbanes-Oxley Act of 2002, widely known as SOX, is a landmark U.S. federal law enacted in response to a series of high-profile corporate scandals and financial frauds. The leg…
- Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM) products are tools that help organizations monitor and analyze their security posture in real-time. They do this by collecting data…
- Security Operation Center (SOC)
A Security Operation Center (SOC) is a dedicated team or department within an organization that is responsible for monitoring and managin…
- Security Orchestration, Automation, and Response (SOAR)
Security Orchestration, Automation, and Response (SOAR) products are tools that help organizations automate and streamline their incident response processes. They do this by integr…
- Security Posture Management
Security Posture Management is a market segment of IT security tools that covers your overall defense against cyber threats. This includes everything from security policies, employ…
- Shadow AI
Shadow AI refers to the use of artificial intelligence tools — chatbots, code assistants, image generators, and other AI-powered applications — by employees or teams without the kn…
- Shadow Data
Shadow data is any sensitive or confidential data that is leaked from any devices/systems or cloud, intentionally or inadvertently. Examples of shadow data include: ● An employee s…
- Shielded VMs
Shielded VMs are a security feature provided by cloud platforms like Microsoft Azure and Google Cloud Platform, designed to offer enhanced protection against threats like rootkits…
- Software as a Service (SaaS)
Software as a Service (SaaS) is a cloud computing model in which a third-party provider delivers software over the internet on a subscription basis. SaaS applications are accessed…